Default configuration

2015-07-1417:59:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.7%

JSON

The default configuration of IBM WebSphere Application Server (WAS) 7.0.0 before 7.0.0.39, 8.0.0 before 8.0.0.11, and 8.5 before 8.5.5.6 has a false value for the com.ibm.ws.webcontainer.disallowServeServletsByClassname WebContainer property, which allows remote attackers to obtain privileged access via unspecified vectors.

CPENameOperatorVersion
websphere_application_servereq7.0.0.14
websphere_application_servereq8.5.0.2
websphere_application_servereq7.0.0.12
websphere_application_servereq7.0.0.2
websphere_application_servereq7.0.0.37
websphere_application_servereq7.0.0.31
websphere_application_servereq7.0.0.24
websphere_application_servereq7.0.0.25
websphere_application_servereq7.0.0.33
websphere_application_servereq7.0.0.5

Name	Operator	Version
websphere_application_server	eq	7.0.0.14
websphere_application_server	eq	8.5.0.2
websphere_application_server	eq	7.0.0.12
websphere_application_server	eq	7.0.0.2
websphere_application_server	eq	7.0.0.37
websphere_application_server	eq	7.0.0.31
websphere_application_server	eq	7.0.0.24
websphere_application_server	eq	7.0.0.25
websphere_application_server	eq	7.0.0.33
websphere_application_server	eq	7.0.0.5